Mosquitto Eclipsefoundation Mosquitto

By the Year

In 2026 there have been 0 vulnerabilities in Eclipsefoundation Mosquitto. Mosquitto did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 2 0.00

It may take a day or so for new Mosquitto vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Eclipsefoundation Mosquitto Security Vulnerabilities

Eclipse Mosquitto libmosquitto OOB read via malformed SUBACK (1.3.2-2.0.18)
CVE-2024-10525 - October 30, 2024

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make an out-of-bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

Heap-based Buffer Overflow

Double Free in Eclipse Mosquitto 2.0.0-2.0.18 via topic remapping on bridge
CVE-2024-3935 - October 30, 2024

In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker, a double free will occur, with a subsequent crash of the broker.

Double-free
